Peace upon you guys.
Today I will share with you a bug I recently found in a target, which relied on Denial of Service over a web app.
So without wasting any time, let's jump in…
Our target had a feature that allowed you to add contacts to your contact page just by their names: enter a contact name and, if it exists in the DB, it will be added. The issue was that page splitting wasn't enabled, meaning all your added contacts would be on the same page.
So if we are able to add, for example, 10K contacts on the same page, you can guess how long it takes the server to load the whole page.
What I did is that I collected about 200K valid names from some GitHub repos and txt files on Google, then I tried the whole wordlist against our target.
Finally I was able to add just 10K contacts, but in the end it was a sufficient POC for our attack, as there was a delay from the server of about 10 seconds.
1- Go to the contact page and add some user
2- Intercept your request with Burp and send it to Intruder
3- In the payload section of the Intruder tab, paste your wordlist
4- Start your attack and monitor the server delay while loading the page
And yeah, we were able to trigger a delay of about 10 seconds!!
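The server-side controls whose absence made this possible, as an added example that is not part of the original write-up or the target's code: a hard ceiling on page size, a per-account contact cap, and a rate limit on add requests. The `ContactService` class, its in-memory store and every limit value are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque

# Constructed limits for illustration; tune them to the real application.
MAX_PAGE_SIZE = 50    # ceiling on rows per response, whatever the client asks for
MAX_CONTACTS = 1000   # per-account cap on stored contacts
ADD_LIMIT = 20        # add requests allowed per account ...
ADD_WINDOW = 60.0     # ... within this sliding window, in seconds

class ContactService:
    """Hypothetical contact store showing the three controls together."""
    def __init__(self):
        self.contacts = defaultdict(list)       # user -> ordered contact names
        self.recent_adds = defaultdict(deque)   # user -> timestamps of add requests

    def add_contact(self, user, name, now=None):
        now = time.monotonic() if now is None else now
        window = self.recent_adds[user]
        while window and now - window[0] >= ADD_WINDOW:
            window.popleft()                    # forget requests outside the window
        if len(window) >= ADD_LIMIT:
            return "rate_limited"               # bulk automation stops here
        window.append(now)
        if len(self.contacts[user]) >= MAX_CONTACTS:
            return "contact_limit_reached"      # bounds the list even for slow attackers
        if name in self.contacts[user]:
            return "duplicate"
        self.contacts[user].append(name)
        return "added"

    def list_contacts(self, user, offset=0, limit=MAX_PAGE_SIZE):
        # Clamp client-supplied paging values so one request never renders everything.
        offset = max(0, int(offset))
        limit = max(1, min(int(limit), MAX_PAGE_SIZE))
        rows = self.contacts.get(user, [])
        page = rows[offset:offset + limit]
        more = offset + limit < len(rows)
        return {"items": page, "total": len(rows),
                "next_offset": offset + limit if more else None}
```

With these in place, the cost of rendering the contact page is bounded by `MAX_PAGE_SIZE` rather than by how many names an account has accumulated.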
Thank you for reading! Hope you enjoyed it…
You can find me on Twitter @0xMohamed_Ayad
Also LinkedIn @0xmh3yad